Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of dhcp3, a DHCP client, is not properly filtering shell meta-characters in certain options in DHCP server responses. These options are reused in an insecure fashion by dhclient scripts. This allows an attacker to execute arbitrary commands with the privileges of such a process by sending crafted DHCP options to a client using a rogue server.
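As an added illustration (not part of the advisory and not the upstream fix), the shell functions below show an allow-list check that a dhclient hook script could apply to a DHCP-supplied name before using it. The function names, the permitted character set, the 255-byte limit and the sample values are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: allow-list validation of DHCP-supplied names in a hook script.
# Not the upstream fix; names and limits here are assumptions.

# Use the C locale so bracket ranges match ASCII only and ${#v} counts bytes.
LC_ALL=C
export LC_ALL

# Return 0 only if $1 is non-empty, at most 255 bytes, does not start
# with '-', and contains nothing but letters, digits, '.', '_' and '-'.
is_safe_dhcp_name() {
    value=$1
    [ -n "$value" ] || return 1
    [ "${#value}" -le 255 ] || return 1
    case $value in
        -*) return 1 ;;                 # would be parsed as a command option
        *[!A-Za-z0-9._-]*) return 1 ;;  # any character outside the allow-list
    esac
    return 0
}

# Print $1 unchanged if it passes the check, otherwise print nothing.
# A hook script could use it as:
#   new_host_name=$(filter_dhcp_name "$new_host_name")
filter_dhcp_name() {
    if is_safe_dhcp_name "$1"; then
        printf '%s' "$1"
    fi
}

# Constructed sample option values (not taken from the advisory).
for sample in 'client-01.example.org' 'host;id' 'host$(id)' 'a b' '-n' ''; do
    if is_safe_dhcp_name "$sample"; then
        verdict=accept
    else
        verdict=reject
    fi
    printf '%-26s %s\n' "[$sample]" "$verdict"
done
```

Rejecting by allow-list rather than stripping known-bad characters means a metacharacter the script author did not think of is still refused; values must also stay double-quoted wherever the script expands them.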

For the oldstable distribution (lenny), this problem has been fixed in version 3.1.1-6+lenny5.

For the stable (squeeze), testing (wheezy) and unstable (sid) distributions, this problem has been fixed in an additional update for isc-dhcp.

We recommend that you upgrade your dhcp3 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/